Update distribution system architecture and method for distributing software

ABSTRACT

A method for controlling the update installation behavior of a computing device according to installation attributes is presented. When present, a mandatory installation attribute associated with a software update causes the installation process executed on the computing device to disallow a user to selectively not install the software update. A priority installation attribute causes the computing device to request a higher amount of network bandwidth for obtaining the software update&#39;s content for installation on the client computing device. A deadline installation attribute associated with the software update causes the computing device to permit a user to selectively not install the software update until an associated deadline passes, at which time the software update is installed without further user interaction. A zero system interruption (ZSI) installation attribute causes the computing device to automatically install the software update without user interaction if the computing device is properly configured.

FIELD OF THE INVENTION

The present invention relates to software and computer networks and, inparticular, the present invention relates to controlling installationupdate behaviors on a client computer.

BACKGROUND OF THE INVENTION

Most commercially available software products undergo a continualrevision process to repair or upgrade features and/or functions. Eachrevision of a software product or component may require the addition ofnew files and/or the replacement of existing files with files of newerversions. Once a vendor has isolated a software product problem andcreated a solution for the problem, it would want to put that fix intoan update and make the update widely available to the customers.Software vendors have a business incentive to distribute softwareupdates to customers as quickly and trouble-free as possible.

The Internet provides an important channel for customers to obtain thelatest updates for software products. The explosive growth of Internetusage has created a common expectation by customers that softwareproducts and updates be provided online for downloading. It is also inthe interest of software vendors to promote the use of the Internet todistribute updates, because it reduces their costs and allows customersto obtain the fix for an identified problem as soon as the fix is madeavailable for downloading. The vendor sites on the Internet can bedesigned to make it very simple to discover and locate update files foran application. The technical aspects of file download have mostlydisappeared from the user's view, and are now typically handled by theoperating system.

In a conventional approach, a software vendor constructs a softwareupdate as a “package” for download. This package is typically aself-extracting executable file with the setup program and each of theproduct's updated files embedded and compressed to make the packagesmaller. The size of the package is generally the sum of the compressedsizes of each changed file, plus the size of the extraction code itself.Upon execution, the package extracts each of the contained files to atemporary location, then starts the setup program to install each fileto a proper location in the system's directory. Files that are shippedin a compressed form are decompressed as they are installed. Anyexisting file of the same name in the same location would simply beoverwritten by the replacement file.

Even though the Internet makes wide and quick distribution of softwareupdates possible, the limited bandwidth of network transmission hascaused problems. The sheer sizes of common software applications havecaused the download sizes of updates to become unreasonably large.Usually a multitude of fixes for a variety of problems of a product willbe grouped into an update. If a vendor updates a software product on aregular basis, the download size of the update package will continue togrow, because the vendor cannot omit files under the assumption that theuser already has those files from earlier updates. Because the updatepackage combines a number of whole files, it may be quite large, evenwhen the files are compressed. Sometimes, even on the fastest modemconnections, the bandwidth efficiency of the download is decreased.

The time-consuming aspect of the conventional downloading process is, ofcourse, undesirable. In some cases, customers pay long-distance orconnection time charges during these file downloads. Any reductions inconnection time will reduce the direct monetary cost for thesecustomers. The vendors typically also have some distinguishable costsrelating to the sizes of downloads they provide, so reducing the sizesmay give them direct monetary benefits as well. Reducing the sizes ofdownloads will increase their available network bandwidth, allowing themto serve more customers with existing network server equipment.

The long time it takes to download a large update also makes thedownloading process more vulnerable to various network connectionproblems. There are a number of reasons why an Internet session might bedisconnected prematurely, including telephone line noise, call-waitingsignals, and unintentional commands. Some Internet service providersenforce a connection time limit, limiting the amount of time the usercan be on-line in a single session. If the user is downloading a largefile when the network connection is cut off, he or she may have to startover. Most common operating systems and file transfer protocols do notallow the file transfer to be resumed, so any interim progress would belost, and the transfer would have to be restarted. The opportunities forfailure are so numerous that many users find it nearly impossible toobtain the update online. If the size of an update package is too large,users may never be able to completely download it.

One attempt to reduce the size of software updates and increasebandwidth efficiency relates to the use of delta patches, or binarypatches. One skilled in the relevant art will appreciate that a deltapatch corresponds to specialized software code that modifies an existingfile when executed by a computing device. Because the delta patchincludes specialized software code, a unique delta patch is required foreach unique version of a file. As applied to software updates, asoftware update service can transmit a smaller sized update delta patchinstead of transmitting a complete, updated file. The updated deltapatch is then utilized to modify the existing file into the updatedfile.

Although the update delta patches can potentially reduce the amount ofdata required to update files, current approaches to delta patching aredeficient in managing the selection of applicable delta files insituations where a large number of versions of a file exist. Because aunique delta patch is required for each version of a file, typicalsoftware update systems can often require hundreds, if not thousands, ofunique delta patches to correspond to each unique version of a file. Inone approach, some update services supporting delta patching transmitall possible delta patches to a client computing device. However, thisapproach typically increases the amount of data required to implementthe software update as the number of possible update delta patchesincrease. Accordingly, the number of potentially applicable deltapatches can quickly grow to the same size as the complete updated file.In another approach, a networked update software service scans a clientmachine to select which delta patch may be applicable for each clientmachine. Although this reduces the amount of delta patch informationthat is transmitted, it requires additional logic on the software updateservice to scan the client machines and select an applicable deltapatch. The use of the additional logic increases the system resourcesthat must be provided by the service. Further, this approach typicallyprevents the utilization of network caching, such as is typicallyachieved by traditional Web servers.

In addition to the above described shortcomings, current approaches toinstalling software updates on a client computing device place allinstallation decisions to the client computing device's user. Stateddifferently, an administrator responsible for corporate computingdevices must either access each computing device individually to installa particular software update, or rely on the user of each computingdevice to install the software update. Similarly, a software provider iscurrently unable to exercise any level of control over particularupdates, such as requiring that a particular update be installed.

As will be readily understood from the foregoing, there is a need for asystem and method having improved communication of software updatesbetween a server and a number of clients. In addition, there exists aneed for a software update system and method having improved control ofthe update behaviors of client computers. Still further, there exists aneed to enable system administrators and/or software providers toexercise control over installation behaviors. The present inventionaddresses these needs as well as other related issues found in the priorart.

SUMMARY OF THE INVENTION

In accordance with aspects of the present invention, a method forcontrolling the installation behaviors of a computing device during asoftware update installation is presented. A software update forinstallation on the computing device is obtained. A determination ismade as to whether an installation attribute is associated with thesoftware update. If an installation attribute is associated with thesoftware update, the installation behavior of the computing device ininstalling the software update is modified.

In accordance with additional aspects of the present invention, acomputer-readable medium bearing computer-executable instructions which,when executed on a computing device, carry out a method for controllingthe installation behaviors of a computing device during a softwareupdate installation is presented. A software update for installation onthe computing device is obtained. A determination is made as to whetheran installation attribute is associated with the software update. If aninstallation attribute is associated with the software update, theinstallation behavior of the computing device in installing the softwareupdate is modified.

In accordance with yet further aspects of the present invention, amethod for controlling the installation behaviors of a computing deviceduring a software update installation according to associatedinstallation attributes is presented. A software update for installationon the computing device is obtained. A determination as to whether amandatory installation attribute is associated with the software updateis made. If a mandatory installation attribute is associated with thesoftware update, the installation behavior of the computing device ismodified such that a user of the computing device is prevented fromselectively not installing the software update on the computing device.Another determination as to whether a priority installation behavior isassociated with the software is made. If a priority installationattribute is associated with the software update, the installationbehavior of the computing device is modified such the computing devicerequests that the software update be downloaded in a higher prioritymanner for installation on the client computer. Yet anotherdetermination is made as to whether a deadline installation attribute isassociated with the software update. If a deadline installationattribute is associated with the software update, the installationbehavior of the computing device is modified such that the softwareupdate will be automatically installed on the computing device withoutuser interaction if a deadline corresponding the deadline installationattribute has passed. Yet still another determination is made as towhether zero service interruption (ZSI) installation attribute isassociated with the software update. If a ZSI installation attribute isassociated with the software update, the installation behavior of thecomputing device is modified such that the software update will beautomatically installed on the computing device without user interactionif the computing device is properly configured. Thereafter, the softwareupdate is installed on the computing device.

BRIEF DESCRIPTION OF THE DRAWINGS

The foregoing aspects and many of the attendant advantages of thisinvention will become more readily appreciated as the same become betterunderstood by reference to the following detailed description, whentaken in conjunction with the accompanying drawings, wherein:

FIG. 1 is a block diagram of a software update system, including aclient computer and an update service providing update software inaccordance with the present invention;

FIG. 2 is a block diagram of the software update system of FIG. 1illustrating the authentication of a client computing device with theupdate service in accordance with the present invention;

FIG. 3 is a block diagram of the software update system of FIG. 1illustrating the synchronization of available updates between a clientcomputing device and the update service in accordance with the presentinvention;

FIG. 4 is a block diagram of the software update system of FIG. 1illustrating the transmission of software update information to a clientcomputing device from the update service in accordance with the presentinvention;

FIG. 5 is a block diagram of the software update system of FIG. 1illustrating the processing and selection of update information by aclient computing device in accordance with the present invention;

FIG. 6 is a block diagram of the software update system of FIG. 1illustrating the merging of delta patches and installation of updatedfiles by a client computing device in accordance with the presentinvention;

FIG. 7 is a flow diagram illustrative of a software update routineimplemented by a client computing device and an update service foridentifying software updates available for installation on the clientcomputing device, in accordance with the present invention;

FIG. 8 is a protocol diagram of an authorization routine for providingselective access to updates stored on the update service, in accordancewith the present invention;

FIG. 9 is a block diagram of an example set of software updatesillustrating an authorization routine, in accordance with the presentinvention;

FIG. 10 is a protocol diagram of a synchronization routine forcommunicating a select group of software updates from a software updateservice to a client computing device, in accordance with the presentinvention;

FIG. 11 is a pictorial diagram illustrating an exemplary section of agraphical user interface for displaying a list of software updates thatare available to an individual client computing device, in accordancewith the present invention;

FIGS. 12A and 12B are illustrative of a software update processingsub-routine 1200 implemented by the client computing device 110 toretrieve and install requested software in accordance with the presentinvention;

FIG. 13 is a flow diagram illustrative of a sub-routine implemented by aclient computing device for updating a baseline installation componentin accordance with the present invention;

FIG. 14 is a pictorial diagram illustrating an exemplary section of agraphical user interface for displaying a list of software updatesreflecting installation attributes according to aspects of the presentinvention; and

FIGS. 15A and 15B are illustrative of an exemplary routine forcontrolling the installation behaviors on a client computing deviceaccording to installation attributes while installing a software update.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENT

Generally described, the present invention is directed to a system andmethod for managing software updates. More specifically, the presentinvention is directed to a system and method for facilitating theselection and implementation of software updates while minimizing thebandwidth and processing resources required to select and implement thesoftware updates. In accordance with the present invention softwareupdates can correspond to updates for specific software applications oroperating systems. Further, software updates can include softwaredrivers or updates to firmware, such as system BIOS. In accordance withan aspect of the present invention, a system and component architecturefor processing the software updates is provided. In accordance withanother aspect of the present invention, an update protocol andinterface to facilitate the authorization and synchronization of clientmachines with an update service is provided. In accordance with afurther aspect of the present invention, a method for updating aninstallation component and various installed files utilizing deltapatches is provided. One skilled in the relevant art will appreciate,however, that additional aspects of the present invention may also beprovided in the present application. Further, one skilled in therelevant art will appreciate that each identified aspect may beconsidered individually or as part of common inventive aspect.

FIG. 1 software update system 100 is a block diagram illustrative ofsoftware update system 100 in accordance with the present invention.Generally described, the software update system 100 may comprise one ormore client computing devices 110, an update service 120 and an externalupdate provider 130. Generally described, the update service 120 storesand manages the distribution of software updates that are communicatedto and installed on the client computing device 110. The softwareupdates may be provided by the update service 120 or by any number ofexternal update providers 130.

The client computing device 110, the update service 120, and theexternal update provider 130 electronically communicate via a network101. The network may be a local area network (LAN) or a larger network,such as a wide area network (WAN) or the Internet. By the use ofgenerally known software, the software update system 100 may beconfigured to exchange documents, commands, and other known types ofinformation between the client computing device 110 and the servers 121,122, 123 and 124 of the update service 120. As will be appreciated bythose skilled in the art and others, the software update system 100shown in FIG. 1 is a simplified example of one suitable system forimplementing the present invention and that the present invention is notlimited to this example.

As will be described in more detail below, one embodiment the updateservice 120 comprises a number of servers. As shown in FIG. 1, theupdate service 120 includes an update server 121 for managing theoverall processes of the update service 120 and coordinating processesof the servers 121, 122, 123 and 124 of the update service 120. Theauthorization server 122 generates authorization cookies as requested bythe client and, in turn, the authorization cookies are used to generateserver cookies, that allow client computers to access updates providedby the update service 120. The metadata server 123 provides generalinformation regarding the updates provided by the update service 120.The metadata server 123 allows the system of the present invention toidentify specific updates for a specific type of client computer or aspecific group of client computers. The download server 124 provides oneor more software components for delivering data files associated withsoftware updates provided by the update service 120.

The external update provider 130 may include one or more servers thatdistribute software updates. The external update provider 130 may beassociated with an entity that provides software, software updates, orother data that is to be distributed to groups of client computers. Forexample, the external update provider 130 may be associated with a thirdparty software developer desiring to use the update service 120 todistribute updates for one or more software applications. In anotherexample, the external update provider 130 may be associated withsoftware update system 120.

The client computing device 110 may be any computing device that storesand executes software applications 114. The client computing device 110may be formed from any one of a number of different computer productsincluding, but not limited to, personal computers (PCs), personaldigital assistants (PDAs), mobile telephones, two-way pagers, etc. Aswill be appreciated by those of ordinary skill in the art or others, thearchitecture of the client computing device 110 may take on any suitableform. For example, the client computing device 110 may include a networkinterface for providing communication with the network 101. The networkinterface may be configured for use with any wired or wireless networkconnection, and may be used with any suitable communication protocol,such as the TCP/IP protocol. In addition, the client computing device110 may include a processing unit, a display, and a memory unit. Thememory unit may store the program code necessary for operating theclient computing device 110, such as an operating system 1116. Inaddition, the memory unit stores an update management component 112 forcontrolling and executing processes of the present invention.

The software update system 100 stores software programs that, whenexecuted, implement the present invention. When executed, the softwareupdate system 100 stores, manages, and selectively communicates softwareupdates. As described more fully below, among many other benefits, thepresent invention provides a mechanism for defining and selecting targetgroups of client computing devices that are eligible to receive softwareupdates. The present invention also provides an improved mechanism fordownloading data files associated with software updates. Still further,the present invention provides a mechanism for controlling theinstallation behavior of a client computing device according toinstallation attributes associated with a software update.

For purposes of illustrating the present invention, a detaileddescription of a working example of the present invention is provided.In describing the working example, reference is made to software updatesthat may refer to a specific upgrade of a software application, e.g., anupgrade of a media player version 6.0 to media player version 7.0. Aswill be appreciated by those of ordinary skill in the art, such asoftware update may include the communication and installation of anumber of data files associated with the software update. Thus, forpurposes of illustrating the present invention, a distinction is madebetween a software update and an individual data file containing asoftware update.

With reference now to FIGS. 2-6, an illustrative interaction between thecomponents of the software update system 100 to update one or more fileson the client computing device 110 will be described. With reference toFIG. 2, the software update service is initiated by the transmission ofsoftware update information by one or more external update providers130. As described above, the external update providers 130 may beassociated with software update system 100. Alternatively, the softwareupdate information may be transmitted by third-party external updateproviders 130. In an illustrative embodiment of the present invention,the software update information can include software code utilized toupdate a file, software code utilized to replace a file, various rulesfor determining the applicability of the software updates, installationattributes for controlling installation behaviors, and/or displayinformation describing the software update. The transmission of thesoftware update information may be completed at any time and does nothave to be contemporaneous with the initiation of the other illustratedsoftware update component interactions.

Upon receipt of the software update information from the external updateprovider 130, the update service 120 generates one or more pieces ofdata to facilitate the transmission of update information. The data caninclude a patch storage file that corresponds to set of software deltapatches for updating different versions of a file. The data can alsoinclude a patch storage manifest that corresponds to an index mappingparticular file versions to a corresponding delta found in the patchstorage file. The data can further include a self-extracting file thatcorresponds to information the update agent will utilize to request andinstall specific software update data, as will be described in greaterdetail below. One skilled in the relevant art will appreciate that thegeneration of the patch storage file, patch storage manifest, and theself-extracting files may be completed at any time and does not have tobe contemporaneously with the other illustrated component interactions.

To initiate the transmission of software update information to clients,a client computing device 110 initiates an authentication request to theupdate service 120. In an illustrative embodiment of the presentinvention, the authentication request corresponds to an update protocolinteraction between the client computing device 110 and the updateservice 120, which will be described in greater detail below. Uponcompletion of the authentication, the update service 120 transmits anauthentication cookie to the client computing device 120. With referencenow to FIG. 3, the authenticated client computing device 120 theninitiates the synchronization of the available updates with the updateserver 120. In an illustrative embodiment of the present invention, thesynchronization request also corresponds to the update protocolinteraction between the client computing device 110 and the updateservice 120, which will be described in greater detail below. Upon thecompletion of the synchronization, the client computing device 110receives the information of all applicable software updates andinformation describing the updates. However, in an illustrativeembodiment of the present invention, no software code to instantiate theupdate has been downloaded.

With continued reference to FIG. 3, at sometime during the updateprocess, a selection of the updates to be installed is received. In anillustrative embodiment of the present invention, a user may bepresented with software update information received duringsynchronization and asked to select an appropriate update.Alternatively, the client computing device 110 may be configured in amanner to automatically select all applicable software updates. Further,the client computing device 110 may also have some rules that allow itto automatically select a subset of the available software updates.Still further, a user may initiate a selection of an update bycommunicating with the update service 120, such as via an internet Webpage.

With reference now to FIG. 4, the update management component 112instantiates an update agent 118 on the client computing device 110, ifan update agent is not already present. The update agent 118 thenrequests the transmission of a software update information package, suchas self-extracting file. The update agent 118 receives theself-extracting file and performs any updates to the installer, as willbe described below. Further, the update agent 118 can request anymissing or corrupted information from the update service 120.

With reference now to FIG. 5, once the update agent 118 receives thesoftware update information package, the update agent 118 performs aninventory of the files that are installed on the client computing device110. Based on a comparison of the inventory and the software updateinformation package, the update agent 118 determines which delta patch,or other update information, will be required to complete the selectedupdates. The update agent 118 then transmits a request for specificdelta updates. In one embodiment of the present invention, the requestfor software updates may correspond to a direct request transmitted viaa direct network connection, which will be referred to as a manualupdate. In another embodiment of the present invention, the request forsoftware updates may be a background request that is transmitted withoutrequiring overt user action. This embodiment will be referred to as anautomatic update.

In an illustrative embodiment of the present invention, if the softwareupdate corresponds to a delta patch, the update agent 118 transmits arequest to the update service 120 that identifies the particular deltapatch identified by the patch storage manifest. Alternatively, in theevent that a delta patch is unavailable or if several delta patches havefailed, the update agent 118 can initiate a fallback procedure. Thefallback procedure can include a request for the transmission of acomplete copy of the entire updated file from the patch storage file.The fallback procedure can also include a request for the transmissionof a complete copy of the entire updated file from in self-containedpackage.

In an illustrative embodiment of the present invention, the downloadserver 124 of the update service 120 can directly process the softwareupdate request from the update agent 118. Alternatively, the request canalso be processed by any number of additional external download serverssuch as traditional Web servers that have either received the requestedupdate delta patches from the update service 120. For example, acorporation may utilize an internal server to update client machines.Additionally, the request can be processed by external download serversin which some, or all, of the update delta patches are cached inprocessing previous requests. Accordingly, in this embodiment, thedownload can be distributed to a number of additional download serverscapable of servicing hyper text transfer protocol (“HTTP”) datarequests.

With reference to FIG. 6, once the software update information isreceived, the update agent 118 merges the delta patch with the installedfile to generate an updated file. Additionally, the update agent 118 canvalidate whether the merger successfully updated the appropriate file.As described above, if a delta patch cannot be validated, the updateagent 118 may request the delta patch again or request an entire updatedfile after a number of failures. Once the update agent 118 obtains thevalidated and update file, the file is installed on the client computingdevice 110.

FIG. 7 is a flow diagram of a software update processing routine 700illustrating the interaction between a client computing device 110 andthe software update service 120 in accordance with the presentinvention. At block 702, the software update service 120 authorizesaccess to the client computer 110. In an illustrative embodiment of thepresent invention, the authorization of access to the client computercan include the generation of a server-issued cookie for allowing accessto software updates that are associated with a particular group ofcomputers. A more detailed explanation of the authorization process willbe described with regard to FIG. 8.

At block 704, the client computer 110 and the software update service120 synchronize update information. In an illustrative embodiment of thepresent invention, the software update service 120 transmits metadatadescribing specific software updates to the client computing device 110.The metadata contains information describing the available softwareupdates to allow a user to select one or more updates for installation.A more detailed description of the synchronization process will bedescribed below with regard to FIGS. 9 and 10. At block 706, the clientcomputing device 110 obtains a selection of applicable updates todownload. In an illustrative embodiment of the present invention, theselection of applicable updates can correspond to the utilization of anumber of unique user interfaces to facilitate user selections. Theselection of user interfaces will be described in greater detail withregard to FIG. 11.

At block 708, the client computing device 110 processes the userselection of applicable software updates and interfaces with thesoftware update service 120 to request specific update information. Inan illustrative embodiment of the present invention, the clientcomputing device 110 selects and requests one or more applicable updatedelta patches. The update agent 118 on the client computing device 110can then process the requested data to implement the selected softwareupdate. At block 710, the routine 700 terminates.

With reference to FIG. 8, a protocol diagram 800 for authorizing accessto client computing devices 110 and corresponding to block 702 (FIG. 7)will now be described. In an illustrative embodiment of the presentinvention, the software update service 120 utilizes an extensibletargeting mechanism to control client computing device 110 access toupdates and other software. The software update service 120 incorporatesa mechanism that associates specific software updates with one or moretarget groups of client computing devices 110. For example, the softwareupdate service 120 may limit access of a specific hardware driver updateto a particular brand of client computing devices 110 having a specifichardware device. In such an example, the software update service 120 maydefine a target group of client computing devices 110 having aparticular brand name and a specific hardware device and limit thetransmission of the particular software download to the target group.

In an illustrative embodiment of the present invention, the extensibletargeting mechanism is facilitated by the use of software components(“authorization plug-ins”) that define a client computing device'smembership to one or more target groups. The presence of anauthorization plug-in on a client computing device 110 defines whetherthe client computing device belongs to the specific target group of theauthorization plug-in. A target group, for example, may include allcomputers having a valid product identification (“PID”) number for aparticular software application. In such an example, as described inmore detail below with respect to FIG. 8, an authorization plug-in 826may be installed in the client to read a PID from a memory module of theclient computing device and pass the obtained PID to a corresponding PIDserver plug-in 829. The corresponding PID plug-in, also referred toherein as PID validator 829, utilizes one or more methods to determineif the received PID is valid. Once it is determined that the PID storedon the client computing device 110 is valid, the server generates aserver cookie which indicates that the client computing device 110 is amember of a target group having a valid PID. In another example, atarget group may include client computing devices that are designated asbeta test computers.

In an illustrative embodiment of the present invention, theauthorization server 122 of the software update service 120 contains anumber of server authorization plug-ins that define a set of targetgroups of client computing devices that the authorization server willrecognize. Each server authorization plug-in contains components forcommunicating data with a corresponding client authorization plug-instored on a client computing device 110. In a similar manner, eachclient computing device 110 includes one or more client authorizationplug-ins that identifies the target groups to which the client belongs.In an illustrative embodiment of the present invention, the clientauthorization plug-ins can be installed in each client computing deviceduring the installation or upgrade of a software application, such asthe installation or upgrade of an operating system. Additionally, theserver authorization plug-ins may be dynamically installed or removed byan administrator desiring to control the access to software updates. Theauthorization plug-ins stored on the client computing device 110 and theauthorization server 122 can be an actual software plug-in, or theauthorization plug-ins can be hard coded into dynamically linkedlibraries.

As shown in FIG. 8, the authorization server 122 contains three exampleserver authorization plug-ins: (1) a first server authorization plug-in828 defining a target group that includes all computers (hereinafter the“All Computers target group”); (2) a second server authorization plug-in829 defining a target group that includes computers having a valid PID(hereinafter the “PID target group”); and (3) a third serverauthorization plug-in 830 defining a target group that includes betatest computers (hereinafter the “beta target group”). Also shown in FIG.8, the client computing device 110 contains two client authorizationplug-ins: (1) a first client authorization plug-in 825 indicating thatthe client computing device 110 is a member of the All Computers targetgroup; and (2) a second client authorization plug-in 826 indicating thatthe client computing device 110 is a member of the PID target group. Inthis example, the client computing device 110 does not contain anauthorization plug-in indicating that it is a member of the beta targetgroup. As will be appreciated by those of ordinary skill in the art,each client authorization plug-in 825 and 826 may be configured toexecute one or more functions on the client computing device 110 toassist the validation process. For instance, the second clientauthorization plug-in 826 may be configured to examine the memory of theclient computing device 110 to verify or obtain a PID for an installedsoftware application.

As shown in FIG. 8, the authorization sub-routine 702 begins when theclient computing device 110 communicates a configuration request 803 tothe authorization server 122. In an illustrative embodiment of thepresent invention, the configuration request 803 is formed from anysuitable software component configured to obtain information describingthe authorization plug-ins stored on the authorization server 122. Aswill be appreciated by those skilled in the art, the configurationrequest 803 may utilize a known method referred to as “GetConfig.” Inresponse to receiving the configuration request 803, the authorizationserver 122 communicates a configuration response 804, which includesinformation identifying all of the authorization plug-ins stored on theauthorization server 122. In one embodiment, the configuration response804 includes an array of strings that identifies and describes allauthorization plug-ins stored on the authorization server 122. In thepresent example, the configuration response 804 includes informationthat identifies the first server authorization plug-in 828, the secondserver authorization plug-in 829, and the third server authorizationplug-in 830.

At block 805, the client computing device 110 generates one or moreauthorization cookies in response to receiving the configurationresponse 804. In the process of block 805, the client computing device110 generates an authorization cookie for each pair of matching clientand server authorization plug-ins. Thus, in the present example, thefirst client authorization plug-in 825 generates a first authorizationcookie associated with the All Computers target group because the firstclient authorization plug-in 825 and the first server authorizationplug-in 828 are both associated with the All Computers target group. Inaddition, the second client authorization plug-in 826 generates a secondauthorization cookie associated with the PID target group because thesecond client authorization plug-in 826 and the second serverauthorization plug-in 829 are both associated with the PID target group.A third authorization cookie is not generated since the client computingdevice 110 does not have an authorization plug-in indicating that it isa member of the beta target group.

As will also be appreciated by those skilled in the art, oneimplementation of the process of block 805 may include the use of agenerally known software method referred to in the art as“GetAuthCookie.” It will also be appreciated that the generation of eachauthorization cookie may involve additional processing. For instance,the second client authorization plug in 826 may be configured to examineinformation stored in the client's system registry to retrieve a PID andinclude the PID in the authorization cookie. In other examples, theprocess of block 805 may include processes for communicating with othercomputers or devices. For instance, a client authorization plug-in maycommunicate with a device, such as a sound card, scanner, video card,etc., to obtain the make and model of the device. In other non-limitingexamples, a client authorization plug-in may communicate with a securitydevice, such as a fingerprint reader, to obtain information describing auser.

In general, a client authorization plug-in may read configurationinformation from any component of the client computing device 110 or anyother computing device communicatively connected to the client computingdevice 110. In other examples, a client authorization plug-in may beconfigured to utilize one or more public or private applicationprogramming interfaces (APIs) to gather and encrypt information from theclient that will be validated by the corresponding server plug-in. Insuch examples, PID validator plug-in 826 uses a private API to encryptthe client's PID to pass the encrypted PID to the server for decryptionand validation. In other embodiments, other client authorizationplug-ins may utilize biometric measurements, such as fingerprint readersor voice prints, to construct an authorization cookie to be passed tothe server for validation. In yet another example, a clientauthorization plug-in may call a Web service or any other service tocommunicate authorization credentials or any other type of data to theauthorization server 122.

In an illustrative embodiment of the present invention, eachauthorization cookie includes a string that identifies an associatedtarget group. For example, a string may indicate that a particularauthorization cookie is associated with the PID target group. Eachauthorization cookie also includes a data section for communicating databetween a client and a server. For example, an authorization cookieassociated with the PID target group may have a data section thatcontains an actual PID. As will be appreciated by those of ordinaryskill in the art, the data section can contain any type of data that isstored in any format, such as a byte array. For example, if plug-ins onthe client and the server require the communication of public andprivate keys, such data can be encrypted in the data section of one ormore authorization cookies.

Once the client computing device 10 generates an authorization cookiefor each pair of corresponding client and server authorization plug-ins,the client computing device communicates the generated authorizationcookies to the authorization server 122. As shown in FIG. 8, the clientcomputing device 110 communicates the authorization cookies in a cookierequest 806. The cookie request 806 includes any suitable format forcommunicating an array of the authorization cookies generated in theprocess of block 805. One implementation of this part of theauthorization method 702 may include the use of a generally knownsoftware method referred to in the art as “GetCookie.”

In one embodiment, the cookie request 806 also includes otherauthorization server cookies stored in the memory of the clientcomputing device 110. As will become more readily understood from thefollowing description, the memory of the client computing device 110 maystore old authorization server cookies that were created in previousexecutions of the authorization routine 700. By providing the storedauthorization server cookies in the cookie request 806, the clientcomputing device 110 will be able to maintain its access privileges thatwere granted in the previous executions of the authorization sub-routine702. In the present example, since there are no authorization servercookies stored in the client, the cookie request 806 includes the firstauthorization cookie associated with the All Computers target group andthe second authorization cookie associated with the PID target group.

Next, as shown in block 807, in response to receiving the cookie request806, the authorization server 122 generates a server cookie. In oneembodiment, for each of the received authorization cookies, a call ismade to an appropriate server authorization plug-in to generate servercookie data. The server cookie data generated by each serverauthorization plug-in includes an identifier for each target groupidentified in the received authorization cookies. In the presentexample, since the cookie request 806 includes the first authorizationcookie associated with the All Computers target group and the secondauthorization cookie associated with the PID target group, theauthorization server 122 generates server cookie data containing anidentifier for these respective target groups. On the authorizationserver 122, the server cookie data is then combined with data of oldserver cookies, if an old server cookie is received in the cookierequest 806, to generate a new server cookie. In one embodiment, the newserver cookie is encrypted by the use of a publically availableencryption method, such as Triple DES.

In an illustrative embodiment of the present invention, the servercookie can include encrypted information that identifies one or moreassociated target groups. In addition, the server cookie can includeexpiration data, which is stored in both a clear text format and anencrypted format. The expiration data stored in the clear text format isused by the client computing device 110 for monitoring for theexpiration of the server cookie. The expiration data stored in theencrypted format is used by software update service 120 to determine ifthe client computing device 110 is authorized to receive updatesassociated with a particular target group. In one embodiment, theexpiration data of the server cookie applies to all target groupsidentified in the server cookie. Alternatively, or in addition to theexpiration time that applies to the entire server cookie, the servercookie may include a plurality of expiration data, each of which mayapply to individual target groups. As will be appreciated by those ofordinary skill in the art, each server cookie can include additionaldata. For instance, a server cookie may be configured to store clientstate information, such as a time stamp of the last execution of theauthorization sub-routine 702.

Once generated, the authorization server cookie 809 is communicated fromthe authorization server 122 to the client computing device 110. Next,as shown in block 811, the server cookie is then stored in the memory ofthe client computing device 110. When the client computing device 110determines that at least one component of the server cookie has expired,the client computing device can re-execute the authorization method 702to obtain a new server cookie. As mentioned above, in each subsequentexecution of the authorization method 702, the client computing device110 may communicate its stored server cookies to the authorizationserver 122 in the cookie request 806. In one embodiment, the client doesnot have to send the request 803 unless the server informs the clientthat the server configuration has changed, i.e., a new authorizationplug-in has been added.

In accordance with another aspect of the present invention, the softwareupdate service 120 may provide a synchronization sub-routine forsynchronizing update information between the metadata server 123 and theclient computing device 110. By the use of a unique software updatehierarchy, the synchronization sub-routine can efficiently identifyspecific updates that apply to a particular client computing device. Inaddition, by the use of the server cookie generated in the authorizationsub-routine 702, the synchronization sub-routine can selectively grantaccess to updates associated with specific target groups.

In accordance with an illustrative embodiment of the present invention,each software update includes three components: (1) an instructioncomponent; (2) a localized data component; and (3) a data component. Aswill be appreciated by one of ordinary skill in the art, each update mayhave one or more of the above-described components. For example, anupdate may contain an instruction component, a localized data component,and a data stream component. In another example, an update may onlycontain an instruction component for testing one or more conditions of aclient computing device. The various components of the software updatesare described in more detail below.

Generally described, the instruction component contains twosub-components: (1) an applicability rule that defines one or moreconditions to be tested by a client computing device 110; and (2) a setof prerequisites that identifies one or more updates that are requiredfor proper installation of an individual update. As described below, theapplicability rule can define a number of conditions related a computer,and each of the conditions can be associated with other conditions bythe use of any logical operators. For example, the instruction componentmay include an applicability rule to determine if a computer has aparticular version of Windows® installed. As also described below, theset of prerequisites can identify one or more updates that are requiredto have been previously installed. For example, as described in moredetail below with reference to FIG. 9, an individual update may containa prerequisite that lists other updates required for the properinstallation of the individual update. In other examples, as is alsoshown in FIG. 9, the set of prerequisites can include the use of logicaloperators to define more complex prerequisites rules.

The instruction component also contains code, such as a Boolean flag,that indicates if there are other updates that depend from a particularupdate. For illustrative purposes, an update is considered to be a LEAFupdate if there are no other updates that depend from a particularupdate. The Boolean flag that is used to indicate if an update is a LEAFis dynamically updated by the metadata server 123 as related updates areadded or removed.

The localized data component of each update includes general informationdescribing the update. For instance, the localized data component mayinclude information describing the features and benefits of the update.The localized data component may also include a text description of theinstallation procedures of the update. In addition, the localized datacomponent may include any other data or information related to theupdate. For instance, the localized data may indicate that an update isa high priority update. In another example, the localized data mayprovide special installation messages, such as a message that indicatesthat an update cannot be installed with other software updates. Yetfurther, the localized data may include installation attributes forcontrolling the installation behavior of the client computing devicewhile installing a software update. The localized information may be ina format that allows for the display of its contained information to auser.

The data component of each update includes one or more binary datastreams of the update. In one embodiment, the data component of eachupdate may be associated with one or more data files, such as anexecutable file, a document, a linked library, etc. As described in moredetail below, each update may be associated with a combination of datafiles, each of which facilitates the actual upgrade, installation, ormodification of software used by the client. For instance, theinstallation of an update may be facilitated by the use of a single CABfile including all the information required to complete a selectedupdate. Alternatively, the installation of the update may be facilitatedby use of a number of individual updates used to update one or morefiles stored on a client computing device.

In an illustrative embodiment of the present invention, software updatescan be arranged in a hierarchy that allows for controlled distributionof the software updates. Generally described, the hierarchy of updatesdefines relationships between the updates and specifically indicateswhich updates are dependent on other updates. For illustrative purposes,an example set of updates is provided and shown in FIG. 9. As shown, ahierarchy of sample updates 900 includes a base set of updates 901, asecond set of updates 902, and a third set of updates 903. In general,each update in the base set of updates 901 does not have a prerequisitethat requires the installation of other updates. However, the sixthupdate 921 contains a prerequisite that requires the installation of thefirst update 911, the second update 912, and the third update 913. Theseventh update 922 contains a prerequisite that requires theinstallation of the fourth update 914. The eighth update 931 contains aprerequisite that requires the installation of the sixth update 921 andthe fifth update 915. Hence, the eighth update 931 also requires theinstallation of the first update 911, the second update 912, and thethird update 913. For purposes of illustrating the present invention, itis given that all of the updates of the sample set of updates 900 areall associated with the All Computers target group and the PID targetgroup.

Also shown in FIG. 9, and as described in more detail below, each updatecontains an applicability rule that specifies conditions for theinstallation of the update. For example, the first update 911 requiresthe installation of an English version of an operating system. Thesecond update 912 requires the installation of Windows® XP version SP1.In another example, the sixth update 921 requires the installation of asoftware patch referred to as the XP PATCH1. Accordingly, the clientcomputing device 110 will not install the updates if the applicabilityrules have not been satisfied.

FIG. 9 also shows the section of the instruction component thatindicates if there are other updates that depend from a particularupdate. This section is referred to as a LEAF, which may be in the formof a Boolean value indicating that a software update is the last updateof a series of related updates. For purposes of illustrating theinvention, a particular update is a LEAF update if no other updates listthat particular update as a prerequisite. As shown in FIG. 9, theseventh update 922 and the eighth update 931 are the only two LEAFupdates.

FIG. 10 illustrates a protocol diagram of a synchronization sub-routine704 (FIG. 7) formed in accordance with the present invention. Generallydescribed, the synchronization sub-routine 704 selectively communicatesthe instruction components of certain updates between the clientcomputing device 110 and a server, such as the metadata server 123, toidentify updates that can be applied to the client computing device 110.As shown in FIG. 10, to initiate an update, the client computing device110 first processes installed updates and communicates a synchronizationrequest 1051 to the metadata server 123 requesting one or more updatesavailable to the client. In response to receiving the synchronizationrequest 1051, the metadata server 123 returns a number of updates to theclient computing device 110. As will be more readily understood from thefollowing description, the client computing device 110 processeslocally-stored data prior to the communication of the synchronizationrequest 1051.

The client computing device 110 processes the instruction components ofeach received update to determine if the condition defined in theapplicability rules can be met. If the condition defined in anindividual update is met, for purposes of illustrating thesynchronization sub-routine 1050, the individual update is “installed,”and the installed update is saved in a first component of the client'supdate cache. On the other hand, if the condition defined in anindividual update is not met, individual update is considered to be“failed,” and the failed update is saved in a second component of theclient's update cache. In this description of the synchronizationsub-routine 1050, if an update is installed it can be assumed that theprerequisites and the conditions of the applicability rules have beenmet. Installation of an update for purposes of describing thissub-routine does not necessarily mean that the data files associatedwith the update are actually installed in the client computing device110.

In one embodiment, the two components of the client's update cache canbe used to categorize the received updates. The first component is usedfor storing installed, non-LEAF updates; and a second component is usedfor storing all other updates received by the client, i.e., the updatesthat were not installed. The second component of the update cache alsoincludes the storage of all LEAF updates. As described in more detailbelow, updates stored in the update cache can be communicated to andprocessed by the metadata server 123 to identify other related updatesthat are available for installation on the client computing device 110.

Returning now to FIG. 10, details of the synchronization request, whichare illustrated as items 1051, 1055, and 1060, will now be described. Aswill be appreciated by those of ordinary skill in the art, thesynchronization request may be initiated by one of a number of differentdevices, processes, applications, user-initiated commands, requesting anupdate. The synchronization request may be initiated by a userrequesting a list of updates, an automatic update initiated by theclient agent, or any other software component requesting informationfrom the metadata server 123 or the update service 120. In oneembodiment, the synchronization request includes an authorization servercookie, such as the authorization server cookie generated from theauthorization routine 702. The use of the server cookie allows theserver to determine if the client is a member of one or more targetgroups.

Each synchronization request may also include identifiers for eachupdate stored in the client's update cache. More specifically, if one ormore updates are stored in the update cache, the synchronization requestincludes a first component having identifiers for installed, non-LEAFupdates; and a second component having identifiers for all otherupdates, such as LEAF updates, failed updates, and other updates thatare not installed. The update identifiers may be in any formatincluding, but not limited to, an array of integers. Alternatively, ifthere are no updates stored in the client's update cache, thesynchronization request is not configured with an update identifier.When a synchronization request is not configured with an updateidentifier, the synchronization request provides an indication that theclient computing device 110 does not have any cached updates.

As shown in FIG. 10, a first synchronization request 1051 iscommunicated from the client computing device 110 to the metadata server123. In the present example, the client's update cache will not containany updates, given that this is the first execution of the method. Thus,the first synchronization request 1051 does not contain an identifierfor a cached update. In response to receiving a synchronization request,as shown in block 1052, the metadata server 123 determines if thesynchronization request contains at least one update identifier. If itis determined that the synchronization request does not include anupdate identifier, the metadata server 123 responds by selecting firstlevel updates for communication to the client computing device 110. Asdescribed above, first level updates may include any updates that do nothave a prerequisite identifying other updates.

Alternatively, if it is determined that a synchronization requestcontains at least one update identifier, the metadata server 123examines the prerequisites of the server's stored updates to selectadditional updates for delivery to the client. In one embodiment, themetadata server 123 selects updates having fulfilled prerequisites. Inthe examination of the prerequisites, the server uses the updates of thefirst component of the synchronization request, which includesidentifiers of the non-LEAF updates that are installed on the client.

In addition to selecting updates having fulfilled prerequisites, theserver also uses the updates identified in the second component of thesynchronization request to filter the selected updates. Morespecifically, uninstalled updates, LEAF updates and failed updatesidentified in the second component of the synchronization request areused to filter one or more selected updates. This feature of the presentinvention allows the system and method of the present invention to avoidmultiple transmissions of updates stored on the metadata server 123.

Returning to the present example, since the first synchronizationrequest 1051 does not include an update identifier, the metadata server123 selects the base level of updates 901 for communication to theclient computing device 110. With reference to the sample set of updatesshown in FIG. 9, the base level of updates 901 includes the updatesreferenced as 911, 912, 913, 914, and 915.

In the processing of block 1052, the metadata server 123 also examinesthe authorization server cookie contained in the synchronization request1051 to identify the target groups that are associated with the clientcomputing device 110. The metadata server 123 also examines the targetgroups of the updates selected in the process of block 1052. The processof block 1052 then filters out all selected updates that are notassociated with a target group identified in the received authorizationserver cookie. In the present example, since all of the selected updates911, 912, 913, 914, and 915 are associated with the PID and All Computertarget groups, all of the selected updates are sent to the clientcomputing device 110.

The metadata server 123 then communicates the selected updates in asynchronization response 1053 to the client computing device 110. Ingeneral, each synchronization response includes the instructioncomponent of each update sent by the server 120. Thus, in the presentexample, the first synchronization response 1053 includes theinstruction components for the updates referenced as 911, 912, 913, 914,and 915. In one embodiment, each synchronization response does notinclude the localized data component or the data component of eachupdate.

Next, as shown in block 1054, the client computing device 110 processesthe instruction components of each received update to determine if thecondition defined in the applicability rules can be met. With referenceagain to FIG. 9, the client computing device 110 processes theinstruction components of the received updates 911-915. For purposes ofillustrating the present invention, it is given in this example that theoperating system of the client computing device 110 is an Englishinstallation of Windows® version XP SP1. It is also given that theclient computing device 110 is a Dell PC and is running a 32-bit, X86processor. Thus, in the processing of the instruction components of thesample set of updates, the client computing device 110 would determinethat the condition defined in the first update 911 would be met becausethe computer contains an English OS. The condition defined in the secondupdate 912 would be met because the operating system is Windows® versionXP SP1. The condition defined in the third update 913 would be metbecause the client computing device 110 is running an X86 processor. Thecondition defined in the fifth update 915 would be met because theclient computing device 110 is a Dell PC. As a result, the first update911, second update 912, third update 913, and fifth update 915 are allsaved in the first component of the client's update cache. The conditiondefined in the fourth update 914 would not be met because the clientcomputing device 110 is not running a 64-bit X86 processor. Thus, thefourth update 914 is considered to be a failed update and saved in thesecond component of the client's update cache.

Returning to FIG. 10, in the processing of block 1054, the clientcomputing device 110 also determines if a subsequent synchronizationrequest is required. In one embodiment, it is determined that asubsequent synchronization request is required if at least one of thereceived updates indicates that it is not a LEAF update. In the presentexample, it is determined that a subsequent synchronization request isrequired because all of the received updates are not LEAF updates. Thus,the client computing device 110 communicates a subsequentsynchronization request 1055 to the metadata server 123.

As summarized above, a synchronization request includes identifiers foreach update stored in the client's update cache. Thus, in the presentexample, the subsequent synchronization request 855 includes a firstdata component indicating that the first update 711, second update 712,third update 713, and fifth update 715 are installed on the client. Inaddition, the subsequent synchronization request 855 includes a seconddata component indicating that the fourth update 711 is not successfullyinstalled on the client.

In response to receiving the subsequent synchronization request 1055, assummarized above, the metadata server 123 determines if the subsequentsynchronization request 1055 contains at least one update identifier. Ifit is determined that subsequent synchronization request contains atleast one update identifier, the metadata server 123 examines theprerequisites of all stored updates to select additional updates fordelivery to the client.

With reference again to the present example, in the processing of block856, the metadata server 123 would select the sixth update 921 becauseits prerequisites are met. More specifically, as shown in FIG. 9, thesixth update 921 is selected for communication to the client computingdevice 110 because its prerequisite, which requires installation of thefirst update 711, second update 912, and third update 913, is fulfilled.The seventh update 922 and eighth update 931 would not be selected forcommunication to the client because their prerequisites are notfulfilled. More specifically, the synchronization request 1055 did notcontain an identifier for the fourth update 914, which is a prerequisitefor the seventh update 922. In addition, the synchronization request 855did not contain an identifier for the sixth update 921, which is aprerequisite for the eighth update 931.

Returning to FIG. 10, the synchronization sub-routine 1050 continues bycommunicating the selected updates in a subsequent response 1057 fromthe metadata server 123 to the client computing device 110. Withreference again to the present example, the subsequent response 1057would include information related to the sixth update 721, iscommunicated to the client 10 in a subsequent response 1057.

Upon receiving the subsequent response 1057, the client computing device110 processes the instruction components of the subsequent response 857.Similar to the process of block 854, the client computing device 10processes the instruction components of each received update todetermine if the condition defined in the applicability rules is met. Inthe present example, if it is given that the XP PATCH1 is installed inthe client computing device, the sixth update 921 is considered to beinstalled and the update is written to the update cache of the clientcomputing device 110. Since the sixth update 921 is not a LEAF update,the client computing device 110 sends another synchronization request1060 that includes all of the updates stored in the first and secondcomponent of the client's update cache. The synchronization request 1060also includes the authorization server cookie.

In the present example, by use of the above-described processing of themetadata server 123, the synchronization request 1060 is processed atblock 1061 where the server selects the eighth 731 update. The eighth931 update is selected because the synchronization request 1060indicates that the fifth and the sixth updates 915 and 921 are installedin the client computing device 110. Given that the eighth update 931 isassociated with the same target groups identified in the authorizationserver cookie, the instruction component of the eighth update 931 iscommunicated to the client computing device 110 in another response1062. The eighth update 931 is then processed in block 1063 in a mannersimilar to the process of blocks 1054 and 1059. Since all of thereceived updates of the response 1062 are LEAF updates, a subsequentsynchronization request is not sent back to the metadata server 123.

At the client computing device 110, after it is determined that all ofthe received updates are LEAF updates, or if no updates are received inthe response 1062, the synchronization sub-routine 1050 communicates adriver synchronization request 1064 from the client computing device 110to the metadata server 123. As will be appreciated by one of ordinaryskill in the art, the driver synchronization request 1064 may includeinformation describing all of the hardware installed in the clientcomputing device 110 and information describing the installed software.Similar to the prior software synchronization requests (1051, 1055 and1060), the driver synchronization request 1064 may communicate theinstalled updates to the server. In addition, all of the driver updatescurrently cached on the client, if any, are communicated to the server.

In response to receiving the driver synchronization request 1064, themetadata server 123 responds by sending all of the driver updates thatapply to the client computing device 110 that are not already cached onthe client. A driver update is sent to the client computing device 110in a response 1065 if its prerequisites and conditions are met. Theresponse 1065 communicating the driver updates preferably communicatesthe instruction component of each update. The driver updates are thenwritten to the update cache of the client computing device.

After the receiving the response 1065 containing the driver updates, thesynchronization sub-routine 1050 sends a request 1066 for the localizeddata of each of the received software and hardware updates. Assummarized above, the localized data component of each update includesgeneral information describing the update. For instance, the localizeddata component may include information describing the features andbenefits of the update. The localized data component may also include atext description of the installation procedures of the update. Inaddition, the localized data component may include any other data orinformation related to the update, such as installation attributes forcontrolling the installation behavior of the client computing deviceduring the update installation process.

Thus, upon receiving request 1066 for the localized data of each of thereceived software updates and hardware updates, the metadata server 123responds by sending all of the localized data for all of the receivedsoftware updates and hardware updates saved in the update cache of theclient. Once received, the localized data can be processed by a softwareapplication to determine which of the updates needs to be installed.Alternatively, the received localized data can be displayed to a user toinform the user of all updates that are available to the clientcomputing device 110. In one embodiment, the received localized data canbe displayed on a Web page. In the present example, localized data maybe received by the client for the sixth and eighth updates 921 and 931.If localized data is stored in the base updates 911, 912, 913 and 915,the localized data for those update would also be received by theclient.

FIG. 11 illustrates one example of a Web page 1100 displaying an exampleof localized data associated with the updates that are available to theclient. For illustrative purposes, the Web page 1100 comprises a firstdetailed description 1105 of an update and a second detailed description1106 of another update. Also shown, each update is respectivelyassociated with selection mechanisms 1103 and 1104 for receiving a userselection of the updates. Also shown, the Web page 1100 is configuredwith a control button 1101 for allowing a user to control thecommunication of the selection of updates to a server, such as themetadata server 123 or download server 124.

In one aspect of the present invention, the client performs a number ofprocesses to enhance the display of the Web page 1100. For instance, theclient computing device 110 examines the localized data of each updateto determine if a particular update is of high priority. Such a featurecan be facilitated by locating text in the localized data, or in othercomponent of a particular update, that indicates that the particularupdate is a high priority or emergency update. If the client computingdevice 110 detects a high priority update or emergency update, theclient displays the high priority update in a visible section of the Webpage 1100, such as the top section of the page. In addition, the clientmay generate a visual indicator, such as a specialized text message1120, indicating that the update is a high priority update.

The client computing device 110 may also examine the localized data ofeach update to determine if a particular update requires an exclusiveinstallation, i.e., an update having an installation file that cannot besimultaneously installed with an installation file of another update.Such a feature can be facilitated by locating text in the localizeddata, or in other component of a particular update, that indicates thatthe particular update requires an exclusive installation. If the clientcomputing device 110 detects such an update, the client displays avisual indicator, such as the text message 1122 shown in FIG. 11, withthe description of the updates that require an exclusive installation.

Returning to FIG. 7, the software update routine 700 continues at block708 where the client computing device 110 receives a selection of theupdates. As noted above, in response to actuation of the control button1101, the selection of the one or more updates can be obtained by themetadata server 123 or the download server 124. Once the selection ofone or more updates is received the software update routine 700continues at block 708 where the selected software updates areprocessed.

In accordance with still another aspect of the present invention, thesoftware update service 120 may provide a method for selecting andtransmitting information between the software update service and theclient computing device 110. FIGS. 12A and 12B are illustrative of asoftware update processing sub-routine 1200 implemented by the clientcomputing device 110 to retrieve and install requested software inaccordance with the present invention. As described above, the softwareupdate processing sub-routine 1200 may be implemented once a selectionof software updates has been generated or received. With reference toFIG. 12A, at block 1202, the update management component 111instantiates an update agent 118. In an illustrative embodiment of thepresent invention, the update agent 118 is a specialized softwarecomponent for determining what software update information is requiredto completed a requested software update, to generate a required versionof an installation component of the update agent, to generate updatedfiles by merging existing files with delta patches, and/or to initiatethe installation of updated files. In the event that an update agent 118is already instantiated, block 1202 may be omitted.

At block 1204, the update agent 118 obtains software update informationfrom the update service 120. In an illustrative embodiment of thepresent invention, the software update information transmitted by theupdate service 120 is in the form of a package, such as aself-extracting file, that includes a variety of data that may beutilized by the update agent. In one aspect, the package can include alist of all the files that correspond to a particular software update.Additionally, the package can include copy of at least a portion of thepatch storage manifest that maps specific versions of files to beupdated to a corresponding software update delta patch stored in thepatch storage file on the update service 120. The package can alsoinclude installation information for each file to be updated that caninclude an identification of a version of an installation componentrequired to complete the installation. Further, the package can alsoinclude an installation component for the update agent 118 or a deltapatch to update a version of an installation component already stored onthe client computing device 110. Still further, the package can includeverification information to allow the update agent to determine whethera software update was successful. For example, the verificationinformation can include reference hash values for updated files forcomparison. The update agent 118 may also verify the contents ofpackage.

At decision block 1206, a test is conducted to determine whether theupdate agent 118 needs to update a version of the installation componentto implement the update. One skilled in the relevant art will appreciatethat the transmission of a complete copy of an installation component inthe self-extracting file can increase the amount of data transmitted bythe update service 120 for each software update. Accordingly, in anillustrative embodiment of the present invention, a baseline version ofan installation component may be stored in the client computing deviceand updated specifically for the requirements of the current softwareupdate by way of an installation component delta patch. Accordingly, theinstallation information in the self-extracting file instructs theupdate agent 118 whether or not any included installation componentupdates need to be merged with the baseline version of the installationcomponent on the client computing device 110. If an update is required,at block 1208, the update agent 118 updates the baseline installationcomponent, as will be explained in greater detail below with regard toFIG. 13.

Once the update agent updates the installation component or if theinstallation component does not require an update, at block 1210, theupdate agent 118 performs an inventory of files installed on the clientcomputing device 110 and the specific version of the file. In anillustrative embodiment of the present invention, the update agent 118may query the client computing device 110 file system for all filesidentified in the package as corresponding to the selected update.Alternatively, if the update agent 118 has recently conducted aninventory, a cached version of the inventory may be utilized. At block1212, the update agent 118 identifies what software update informationis required to complete the requested update. In an illustrativeembodiment of the present invention, the patch storage manifest includesa mapping of versions of an installed file to a required delta patch.Accordingly, if delta patching is available, the update agent 118 willutilize the mapping to identify a particular delta patch and its offsetlocation within the patch storage file. Alternatively, if delta patch isnot available or cannot implemented, the update agent 118 may identifyan entire file for download.

With reference now to FIG. 12B, at block 1214, the update date agenttransmits a request for the identified software update information. Inan illustrative embodiment of the present invention, the update agent118 can transmit a request for specific delta patches by indicating aspecific range of patches required from the patch storage file to thedownload server 124 of the update service 120. As described above, thepatch storage file includes a large of number of applicable deltapatches, in which each delta patch is identified by its location withthe patch storage file. Because the patch storage file may be ratherlarge in some implementations, the update agent 118 can utilize arequest that only requests for data from specific locations in the patchstorage file as indicated from the patch storage manifest. In analternate embodiment of the present invention, the update agent 118 mayrequest an entire copy of an update file and/or a complete copy of thepatch storage file.

In an alternate embodiment of the present invention, another downloadserver that may not be exclusively associated with the update service120 can process the update agent 118 request. In this embodiment, therequest patch storage file may be transmitted, in whole or in part, toany number of additional download servers on a network. The additionaldownload servers may be part of a private network utilized to updateclients on the private network. Further, the additional download servermay be part of public network. In a private network environment, thedownload servers may obtain a complete copy of the patch storage filefor processing client requests. Alternatively, the download servers mayalso cache portions of the patch storage file in processing previousdata requests from other clients and utilize the cache data to satisfythe download. Accordingly, the additional download servers can reducethe communications strain on the download server 124 of the updateservice 120.

At block 1216, the update agent 118 receives the requested updateinformation. In an illustrative embodiment of the present invention, therequested update information may be transmitted in two approaches. In afirst approach, referred to as manual update, the update request is sentto the update service 120 with a request for a direct HTTP data deliveryresponse. In this approach, the update service 120 may utilize all ofthe entire bandwidth available to transmit the requested data to theupdate agent 118. In a second approach, referred to as an automaticupdate, the update request is sent to the update service 120 with arequest for an indirect HTTP data delivery response. In this response,the update service 120 transmits the requested data as a backgroundprocess. The background process may be implemented in a manner toutilize a minimal amount of available bandwidth. Further, the backgroundprocess may be interrupted during the download process and restarted atthe next available time. A description of a system and method fortransmitting requested data via a background process is described incommonly assigned and copending U.S. patent application Ser. No.09/505,735, entitled System and Method for Transferring Data Over aNetwork, and filed on Feb. 16, 2000, which is hereby incorporated byreference. One skilled in the relevant art will appreciate thatforeground or background data delivery is not necessarily reflective ofa priority of the selected software update, but rather how bandwidth isallocated to obtain the update information.

Once the requested in formation is received from the update service, atblock 1218, the update agent 118 merges the delta patch with thecorresponding installed files. In an illustrative embodiment of thepresent invention, the update agent 118 may cache the original versionof the installed file to ensure that the selected file does not changeduring the download and merging process. Further, the cached originalversion of the installed file may be used to uninstall the selectedupdate.

At decision block 1220, a test is conducted to determine whether theupdated file is valid. In an illustrative embodiment of the presentinvention, the update agent 118 may utilize a hashing algorithm tocompare a reference hash value obtained from the update informationpackage and corresponding to a valid file update with a hash from thecurrent modified file. If the hashes do not match, the current modifiedfile is not valid. One skilled in the relevant art will appreciate thatany one of a number of alternative validation algorithms may also beutilized. If the updated file is not valid, the sub-routine 1200 returnsto block 1214, where the update agent may request the update informationagain. Alternatively, if the update agent 118 has unsuccessfullyattempted to generate the update file several times, the update agentmay implement one of several fallback procedures. In one embodiment ofthe present invention, the update agent 118 may request a completed copyof the updated file stored in the patch storage file and identified fromthe patch storage manifest from the update service 120. In anotherembodiment of the present invention, the update agent 118 may request acopy of the updated file in a self-contained file from the updateservice 120. In still another embodiment of the present invention, thesub-routine 1200 may otherwise fail.

Once the selected file is valid, at decision block 1222, a test isconducted to determine whether any additional downloads are required. Inan illustrative embodiment of the present invention, the sub-routine1200 enters into an iterative loop that continuously checks foradditional downloads after the completion of a previously selecteddownload. If the state of a file changes during the download, the updateagent 118 would continue to request additional downloads for the newchange of state. If additional downloads are required, at block 1224,the update agent 118 performs another inventory and identifies allapplicable delta patches. The sub-routine 1200 then returns to block1214.

Once all the requested update downloads are complete, at decision block1226, a test is conducted to determine whether the state of the clientmachine has changed. In an illustrative embodiment of the presentinvention, time may elapse between the downloading and merging of updateinformation and the actual installation of the updated file.Accordingly, prior to installing the updated file, the update agentdetermines whether the client computing device state has changed. If thestate has changed, the file update may not be valid and the update failsat block 1228. Alternatively, if no state change has occurred, theupdate agent 118 installs the updated file at block 1230 and thesub-routine 1200 returns at block 1232. An exemplary routine forinstalling an update on a client computing device 110 according toinstallation attributes is described below in regard to FIGS. 14A and14B.

With reference now to FIG. 13, a sub-routine 1300 implemented by theclient computing device 110 for updating a baseline installationcomponent corresponding to block 1208 (FIG. 12A) will be described. Atdecision block 1302, a test is conducted to determine whether a newbaseline installation component is included in the self-extracting filetransmitted to the update agent 118 from the update service 120. In anillustrative embodiment of the present invention, if the delta patchesrequired to update the baseline installer are comparable in size to thetransmission of an updated installation component, a new baselineinstallation component will be transmitted. If an updated installationcomponent is included, at block 1304, the update agent installs theupdated baseline installation component as the new installationcomponent. Additionally, the new updated installation component may besaved in the client computing device 110 memory to serve as a baselineinstaller for additional updates. At block 1306, the sub-routinereturns.

If an updated baseline installation component is not included in theself-extracting file, at block 1308, the update agent 118 obtains abaseline installation component delta patch from the self-extractingfile. In an illustrative embodiment of the present invention, thebaseline installation component delta patch corresponds to software codethat can be merged with the baseline installation component to generatean updated baseline installation component. Accordingly, at block 1310,the updated agent merges the baseline installation component delta patchwith the baseline installation component. At block 1312, the updateagent 118 then designates the updated baseline installation component asthe current installation component. In an illustrative embodiment of thepresent invention, the updated installation component will not be savedafter the installation is complete. In accordance with this embodiment,the update agent 118 only maintains a limited number of baselineinstallation components in the client computing device 110 memory.Accordingly, the update agent generates a temporary, updatedinstallation component at each installation. Because each clientcomputing device 110 can only correspond to a limited number of baselineinstallation components, the update service 120 is only required totransmit a single baseline installation component delta patch for eachclient computing device. At block 1314, the sub-routine 1300 returns.

As mentioned above, current software update approaches ultimately placeall installation control it is often desirable to provide some measureof control to a system administrator and/or a software provider.According to aspects of the present invention installation attributesfor controlling aspects of an update installation may be included in thelocalized data of a software update, as described above in regard toFIG. 7. In one embodiment, the installation attributes include, but arenot limited to, mandatory, deadline, priority, and zero systeminterruption (ZSI).

In contrast to current update installation processes, according toaspects of the present invention, if a mandatory installation attributeis set in association with a software update, it is an indication thatthe user must install the associated update on the computer. Typically,the mandatory installation attribute is set by a software provider,i.e., the origin of the software update, when the software providerconsiders a software update to be of such significance as to require itsinstallation. For example, a software provider may recognize, oridentify, a security flaw in its current software package, such as thoseaffected by computer worms, which affects not only each client computingdevice upon which it is installed, but threatens other similarlyconfigured computing devices connected via a network. In suchcircumstances, a software provider would be desirous to require, to theextent possible, that all computing devices install a correctivesoftware update.

According to the present invention, while a user ultimately may selectto not install any software updates on a client computing device, byassociating a mandatory installation attribute to a software update,that software update will mandatorily be installed in the next softwareupdate process. According to an actual embodiment, when a mandatoryinstallation attribute is set with respect to a software update, acomputer user is not given an option to selectively refuse itsinstallation. FIG. 14 is a pictorial diagram illustrating an exemplarysection 1400 of a graphical user interface for displaying a list ofsoftware updates 1402 and 1406 reflecting installation attributesaccording to aspects of the present invention. As shown in FIG. 14,update 1402 is titled as being a mandatory update. However, according tothe nature of a mandatory installation attribute, selection mechanism1404 reflects that the update is selected for installation, and providesa further visual indication representing that the user will be unable toun-select its installation. It should be noted that while a user may notbe able to un-select a mandatory update for installation, the user stillhas control over whether any updates will occur on the client computingdevice.

With respect to deadline update installation attributes, thisinstallation attribute is typically set by a system administrator incharge of the client computing device. It provides a control to thesystem administrator to ensure that the client computing device isupdated by a specific date and/or time. Accordingly, when anadministrator sets a deadline installation attribute for a softwareupdate, that deadline attribute also includes, or is accompanied by, itsspecific deadline. A user may selectively postpone installing a softwareupdate with an associated deadline installation attribute until itsassociated deadline passes, after which the user is not given an optionto un-select its installation. In a practical sense, a software updatewith deadline installation attribute whose deadline has passed becomes amandatory update. Software update 1406 illustrates a deadline updatewhose deadline (as per this example) has not yet passed. Accordingly,selection mechanism 1408, while indicating that the update is selectedfor installation, may be un-selected. Further illustrated in thisexample, the deadline for installing the update may be shown to theuser, as indicated by text message 1410. It should be appreciated thatthe exemplary user interface displayed in FIG. 14 is for illustrationpurposes only. In an alternative embodiment (not shown,) deadlineinformation would be displayed to a user when the user is selectingwhich software updates to download to the client computing device, andnot in the installation process's user interface.

According to aspects of the present invention, in normal operation, thecontents of a software update, i.e., the update binaries, files, and/orother data that effectuate a software update on the client computingdevice, are downloaded in a background process in order to minimize theimpact on network bandwidth. In particular, the download processnormally determines the client computer's network usage, and makesdownload requests that consume only that which is not used by otherprocesses. However, for critical software updates, waiting until thecontents are available is not optimal, perhaps because of a particularrisk to the client computing device posed by a computer network virus.Accordingly, by associating a priority installation attribute with asoftware update, the installation process temporarily abandons itsnormal practice of obtaining the software update content in thebackground and competes with other network activities for as muchnetwork bandwidth as can be used in order to download the update contentas quickly as possible.

With respect to the ZSI installation attribute, a software provider canfrequently determine whether an update will cause an interruption to theoperation of computing device if installed. For example, theinstallation of a software update may require that a computing device berebooted upon installation completion, that a particular softwareapplication be terminated while the installation is carried out, or thata user somehow interact with the installation process, all of which aresystem interruptions. However, as mentioned above, not all softwareupdates will create an interruption to the computing device, i.e.,require some form of user interaction. When a software provider is awarethat a software update will not cause any system interruptions, a ZSIinstallation attribute may be associated with the update.

According to the present invention, a ZSI update only affects computingdevices configured to automatically install software updates as theybecome available on the computing device. If the computing device is soconfigured, and if the ZSI installation attribute is associated with asoftware update, the ZSI software update is automatically installedwithout any user interaction. With respect to the exemplary section 1400of a graphical user interface for displaying a list of software updates,a ZSI update would not be displayed.

FIGS. 15A and 15B illustrate an exemplary routine 1500, implemented bythe client computing device 110, for controlling the installationbehaviors on a client computing device 110 according to installationattributes associated with a software update is presented. Beginning atdecision block 1502, a determination is made as to whether a priorityinstallation attribute is set for the software update to be installed.If the priority attribute is set, at block 1504 the installation routine1500 increases its request for network bandwidth in obtaining the updatecontent. Thereafter, or if a priority installation attribute is not setfor the software update, the routine proceeds to decision block 1506.

At decision block 1506, a determination is made as to whether a deadlineinstallation attribute is set for the software update to be installed.If a deadline installation attribute is set for the software update, atdecision block 1508 a further determination is made as to whether theassociated deadline has already passed. If the associated deadline haspassed, at block 1510, the software update is installed on the computingdevice without further user interaction, and the routine 1500terminates. Alternatively, if at decision block 1506 a deadlineinstallation attribute is not set, or if at decision block 1508 thedeadline associated with the deadline installation attribute has nopassed, the routine 1500 proceeds to decision block 1512 (FIG. 15B).

At decision block 1512, a determination is made as to whether amandatory installation attribute is set for the software update. If themandatory installation attribute is set, at block 1514, actions aretaken to disallow the user to no install the mandatory software update.Thereafter, or if the mandatory installation attribute is not set, atdecision block 1516, a determination is made as to whether a ZSIinstallation attribute is set for the software update. If the ZSIattribute is set, at decision block 1518, a further determination ismade as to whether the computing device is properly configured to allowZSI installations to automatically occur. If the computing device isproperly configured to allow ZSI installations to automatically occur,at block 1520, the ZSI software update is installed on the computingdevice without any user interaction, and the routine 1500 terminates.Alternatively, if at decision block 1516 the ZSI installation attributeis not set, or if at decision block 1518 the computing device is notproperly configured to allow ZSI installation to automatically occur, atblock 1522, the software update is installed on the computing device vianormal update installation procedures. Thereafter, the exemplary routine1500 terminates.

While the above description of the exemplary routine 1500 forcontrolling the installation behaviors on a client computing device 110is described according to a particular order, it should be appreciatedthat the order of processing installation attributes may be variedwithout departing from the scope of the present invention. Accordingly,the routine 1500 should be viewed as exemplary, and not construed aslimiting upon the present invention.

While various embodiments of the present invention have been illustratedand described, including the preferred embodiment, it will beappreciated that various changes can be made therein without departingfrom the spirit and scope of the invention. For instance, although theillustrative examples described herein apply to software updates, thescope of the present invention includes other uses beyond thedistribution and communication of information related to softwareupdates. Accordingly, unless specific subject matter is expresslyexcluded in this disclosure, it is to be appreciated that the scope ofthe present invention applies to distribution and communication of anytype of data, other than, or in addition to software updates.

1. A method for controlling the installation behaviors of a computingdevice during a software update installation, the method comprising:obtaining a software update to be installed on the computing device;determining whether an installation attribute is associated with thesoftware update; selectively modifying the installation behavior of thecomputing device according to the installation attribute if it isdetermined that an installation attribute is associated with thesoftware update; and installing the update on the client computer. 2.The method of claim 1, wherein determining whether an installationattribute is associated with the software update comprises determiningwhether a mandatory installation attribute is associated with thesoftware update; and wherein selectively modifying the installationbehavior of the computing device according to the installation attributeif it is determined that a mandatory installation attribute isassociated with the software update comprises disallowing the user ofthe computing device to selectively not install the software update onthe computing device.
 3. The method of claim 1, wherein determiningwhether an installation attribute is associated with the software updatecomprises determining whether a priority installation attribute isassociated with the software update; and wherein selectively modifyingthe installation behavior of the computing device according to theinstallation attribute if it is determined that a priority installationattribute is associated with the software update comprises temporarilyincreasing the network bandwidth request for downloading the softwareupdate's content.
 4. The method of claim 1, wherein determining whetheran installation attribute is associated with the software updatecomprises determining whether a deadline installation attribute isassociated with the software update; and wherein selectively modifyingthe installation behavior of the computing device according to theinstallation attribute if it is determined that a deadline installationattribute is associated with the software update comprises: determiningwhether the deadline for the deadline installation attribute has passed,and if so, automatically installing the software update without furtheruser interaction.
 5. The method of claim 1, wherein determining whetheran installation attribute is associated with the software updatecomprises determining whether a zero system interruption (ZSI)installation attribute is associated with the software update; andwherein selectively modifying the installation behavior of the computingdevice according to the installation attribute if it is determined thata ZSI installation attribute is associated with the software updatecomprises: determining whether the computing device is configured toautomatic installation of ZSI software updates, and if so, automaticallyinstalling the software update without further user interaction.
 6. Acomputer-readable medium having computer-executable instructions which,when executed on a client computing device, carry out a method forcontrolling the installation behaviors of the computing device during asoftware update installation, the method comprising the steps of:obtaining a software update to be installed on the computing device;determining whether an installation attribute is associated with thesoftware update; selectively modifying the installation behavior of thecomputing device according to the installation attribute if it isdetermined that an installation attribute is associated with thesoftware update; and installing the update on the client computer. 7.The method of claim 6 carried out by executing the computer-executableinstruction of the computer-readable medium, wherein determining whetheran installation attribute is associated with the software updatecomprises determining whether a mandatory installation attribute isassociated with the software update; and wherein selectively modifyingthe installation behavior of the computing device according to theinstallation attribute if it is determined that a mandatory installationattribute is associated with the software update comprises disallowingthe user of the computing device to selectively not install the softwareupdate on the computing device.
 8. The method of claim 6 carried out byexecuting the computer-executable instruction of the computer-readablemedium, wherein determining whether an installation attribute isassociated with the software update comprises determining whether apriority installation attribute is associated with the software update;and wherein selectively modifying the installation behavior of thecomputing device according to the installation attribute if it isdetermined that a priority installation attribute is associated with thesoftware update comprises temporarily increasing the network bandwidthrequest for downloading the software update's content.
 9. The method ofclaim 6 carried out by executing the computer-executable instruction ofthe computer-readable medium, wherein determining whether aninstallation attribute is associated with the software update comprisesdetermining whether a deadline installation attribute is associated withthe software update; and wherein selectively modifying the installationbehavior of the computing device according to the installation attributeif it is determined that a deadline installation attribute is associatedwith the software update comprises: determining whether the deadline forthe deadline installation attribute has passed, and if so, automaticallyinstalling the software update without further user interaction.
 10. Themethod of claim 6 carried out by executing the computer-executableinstruction of the computer-readable medium, wherein determining whetheran installation attribute is associated with the software updatecomprises determining whether a zero system interruption (ZSI)installation attribute is associated with the software update; andwherein selectively modifying the installation behavior of the computingdevice according to the installation attribute if it is determined thata ZSI installation attribute is associated with the software updatecomprises: determining whether the computing device is configured toautomatic installation of ZSI software updates, and if so, automaticallyinstalling the software update without further user interaction.
 11. Amethod for controlling the installation behaviors of a computing deviceduring a software update installation according to associatedinstallation attributes, the method comprising the steps of: obtaining asoftware update to be installed on the computing device; determiningwhether a mandatory installation attribute is associated with thesoftware update, and if so, modifying the installation behavior of thecomputing device with respect to the software update such that the userof the computing device is prevented from selectively not installing thesoftware update on the computing device; determining whether a priorityinstallation attribute is associated with the software update, and ifso, modifying the installation behavior of the computing device withrespect to the software update by temporarily increasing the networkbandwidth request for downloading the software update's content;determining whether a deadline installation attribute is associated withthe software update, and if so, modifying the installation behavior ofthe computing device with respect to the software update such that thesoftware update will be automatically installed on the computing devicewithout user interaction if a deadline corresponding the deadlineinstallation attribute has passed; determining whether a zero serviceinterruption (ZSI) installation attribute is associated with thesoftware update, and if so, modifying the installation behavior of thecomputing device with respect to the software update such that thesoftware update will be automatically installed on the computing devicewithout user interaction if the computing device is properly configured;and installing the update on the client computer.